Security vulnerability found in iPhone’s Safari browser

July 22, 2007

A security hole has been found in iPhone’s Safari web browser, according to Independent Security Evaluators.

In a report released on its website, ISE describes how it was able to take control of an iPhone by getting malicious code installed through any of three methods.

The first method is the scariest, as it exploits the way the iPhone learns which Wi-Fi networks to trust. If you have picked a trusted network and later come within range of an attacker-controlled access point with the same name and encryption, the code will be automatically loaded onto your phone. The odds of this seem fairly low, but it is still frightening in that there is so little user intervention.

The second method involves visiting an online forum with the code embedded in a message, and the third involves opening a link included in an email or SMS message.

All three methods of course can be avoided by applying normal safe-surfing procedures.  Use only networks you trust, visit sites you know and trust, and don’t open links from unknown senders.

The vulnerability also exists in the Windows and Mac versions of the Apple-produced web browser. At this time, the attack has only been accomplished in a laboratory setting, with no reports of a real-world occurrence. Apple has been notified of the vulnerability and is looking at it.

A preliminary version of ISE’s paper is available on its site, and a final version will be released at BlackHat in Las Vegas on August 2nd.


One Response to “Security vulnerability found in iPhone’s Safari browser”

  1. Will Sheward:

    Your readers would perhaps be interested in hearing about another security hole, this one e-mail related. The authentication between the iPhone and Yahoo mail uses a proprietary mechanism that unfortunately leaves it wide open to a replay attack. I’ve posted more details at http://blog.isode.com/2007/07/iphone-signific.html


Copyright © 2014 Blorge.com NS